rpms/netpanzer/devel netpanzer-cve-2005-2295.patch, NONE, 1.1 netpanzer-cve-2006-2575.patch, NONE, 1.1 netpanzer.spec, 1.1, 1.2
Hugo Cisneiros (eitch)
fedora-extras-commits at redhat.com
Fri Jun 9 15:38:13 UTC 2006
Author: eitch
Update of /cvs/extras/rpms/netpanzer/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23326
Modified Files:
netpanzer.spec
Added Files:
netpanzer-cve-2005-2295.patch netpanzer-cve-2006-2575.patch
Log Message:
fixed CVE-2005-2295 and CVE-2006-2575 vulnerabilities (bz 192990 and 192983
netpanzer-cve-2005-2295.patch:
--- NEW FILE netpanzer-cve-2005-2295.patch ---
--- netpanzer-0.8/src/NetPanzer/Network/ServerSocket.cpp 2004-11-09 09:30:29.000000000 -0200
+++ netpanzer-0.8/src/NetPanzer/Network/ServerSocket.cpp 2006-05-30 03:51:39.000000000 -0300
@@ -169,7 +169,7 @@
size = htol16(*((int16_t*) tempbuffer));
- if ( (size < 0) || (size > _MAX_NET_PACKET_SIZE) ) {
+ if ( (size < 2) || (size > _MAX_NET_PACKET_SIZE) ) {
LOG( ("OnReadStreamServer : Invalid Packet Size %d", size) );
recvoffset = 0;
client->headerincomplete = false;
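Review bot: the new lower bound in `(size < 2)` is a bare literal, and nothing at this check says why 2 is the minimum. The size is read as a 16-bit value from the start of the buffer, so 2 looks like the width of the length field itself; if that is the intent, write it as `sizeof(int16_t)` or as a named constant alongside `_MAX_NET_PACKET_SIZE`, with a one-line comment that a packet cannot be shorter than its own length header.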
@@ -224,7 +224,7 @@
size = htol16(*((int16_t*) tempbuffer));
- if ( (size < 0) || (size > _MAX_NET_PACKET_SIZE) ) {
+ if ( (size < 2) || (size > _MAX_NET_PACKET_SIZE) ) {
LOG( ("OnReadStreamServer : Invalid Packet Size %d", size) );
recvoffset = 0;
client->messageincomplete = false;
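Review bot: this is the same `(size < 2) || (size > _MAX_NET_PACKET_SIZE)` test as in the previous hunk, and it appears a third time in the next one, so the three copies have to be kept in step by hand. A small helper that takes the size and returns whether it is acceptable, called from all three sites, would prevent the bound from being updated in one place and missed in another.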
@@ -266,7 +266,7 @@
} else if (recvsize >= 2) {
size = htol16(*((int16_t*) (recvbuffer + recvoffset)));
- if( (size < 0) || (size > _MAX_NET_PACKET_SIZE) ) {
+ if( (size < 2) || (size > _MAX_NET_PACKET_SIZE) ) {
LOG( ("OnReadStreamServer : Invalid Packet Size %d", size) );
recvoffset = 0;
client->tempoffset = 0;
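Review bot: the rejection path here still calls `LOG(...)` once for every bad length, and with the new bound sizes 0 and 1 take that path as well, so a peer can produce one log line per malformed header. Consider throttling this message or logging it once per client. The log text also carries only `Invalid Packet Size %d`; adding an identifier for the client would make the entry usable when tracing where the bad packets came from.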
netpanzer-cve-2006-2575.patch:
--- NEW FILE netpanzer-cve-2006-2575.patch ---
--- netpanzer-0.8/src/NetPanzer/Classes/Network/ServerConnectDaemon.cpp.CVE-2006-2575 2004-11-09 12:30:29.000000000 +0100
+++ netpanzer-0.8/src/NetPanzer/Classes/Network/ServerConnectDaemon.cpp 2006-06-06 20:08:27.000000000 +0200
@@ -35,6 +35,7 @@
#include "SystemNetMessage.hpp"
#include "ConsoleInterface.hpp"
+#include "SelectionBoxSprite.hpp"
#include "Util/Log.hpp"
enum { _connect_state_idle,
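Review bot: the added `#include "SelectionBoxSprite.hpp"` brings a sprite header into the server connect daemon with no indication of why it is needed. If it is there only for `UNIT_FLAGS_SURFACE` in the flag check added in the next hunk, a short comment on the include line would keep it from being removed as unused later.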
@@ -330,7 +331,13 @@
client_setting = (ConnectClientSettings *) message;
connect_player_state->setName( client_setting->player_name );
connect_player_state->unit_config.setUnitColor( client_setting->unit_color );
- connect_player_state->setFlag( client_setting->getPlayerFlag() );
+ if ( (client_setting->getPlayerFlag() < 0) ||
+ (client_setting->getPlayerFlag() >= UNIT_FLAGS_SURFACE.getFrameCount()) )
+ /* FIXME we realy should send an error to the client here, but
+ AFAIK there is no room in the current protocol for this */
+ connect_player_state->setFlag( 0 );
+ else
+ connect_player_state->setFlag( client_setting->getPlayerFlag() );
connect_player_state->setID( connect_player_id.getNetworkID() );
connect_player_state->setStatus( _player_state_connecting );
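Review bot: the out-of-range branch quietly substitutes `setFlag( 0 )` with no log entry, so a client that sends a bad flag index leaves no trace on the server; a `LOG(...)` call like the one used for invalid packet sizes in ServerSocket.cpp would fit here. The if/else is also unbraced, with the FIXME comment sitting between the condition and its statement, which is fragile under later edits; add braces and read `getPlayerFlag()` once into a local instead of calling it three times. The neighbouring `player_name` and `unit_color` fields come from the same client message and are applied with no visible check, so it is worth confirming they are validated elsewhere. Typo in the comment: "realy" should be "really".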
Index: netpanzer.spec
===================================================================
RCS file: /cvs/extras/rpms/netpanzer/devel/netpanzer.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- netpanzer.spec 4 May 2006 21:13:32 -0000 1.1
+++ netpanzer.spec 9 Jun 2006 15:38:13 -0000 1.2
@@ -1,6 +1,6 @@
Name: netpanzer
Version: 0.8
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: An Online Multiplayer Tactical Warfare Game
Group: Amusements/Games
@@ -8,6 +8,8 @@
URL: http://netpanzer.berlios.de
Source0: http://download.berlios.de/netpanzer/netpanzer-%{version}.tar.bz2
Patch0: gcc-4.1-extra-qualification.patch
+Patch1: netpanzer-cve-2005-2295.patch
+Patch2: netpanzer-cve-2006-2575.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: jam, physfs-devel >= 0.1.9, desktop-file-utils, doxygen
@@ -26,6 +28,11 @@
%prep
%setup -q
%patch0 -p1
+# This patch was done by the Gentoo Dev-Team, in:
+# netpanzer/files/netpanzer-0.8-min-size-check.patch
+# Thanks!
+%patch1 -p1
+%patch2 -p1
# Strip \r from RELNOTES file
sed -i 's/\r//' RELNOTES
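Review bot: the Gentoo attribution comment sits above both `%patch1` and `%patch2`, so it reads as covering both, while the file it names (`netpanzer-0.8-min-size-check.patch`) and the changelog entry credit Gentoo only for the packet size check. Keep the comment directly on `%patch1` and give `%patch2` its own comment line saying where that patch came from.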
@@ -78,6 +85,10 @@
%changelog
+* Thu Jun 8 2006 Hugo Cisneiros <hugo at devin.com.br> 0.8-4
+- Fix Remote Server Termination vulnerability (CVE 2006-2575)
+- Add proper packet size check (CVE 2005-2295) (patch from Gentoo)
+
* Thu May 4 2006 Hugo Cisneiros <hugo at devin.com.br> 0.8-3
- Changed netpanzer.png to comply with freedesktop.org standards.
- Added scripts to update the icon cache after installing
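Review bot: the two new changelog entries write the identifiers as `CVE 2006-2575` and `CVE 2005-2295`, without the hyphen after CVE, while the patch file names use the hyphenated form. Use `CVE-2006-2575` and `CVE-2005-2295` so that a search for the identifier finds the changelog entry.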